Edinburgh Research Explorer

AppPAL for Android: Capturing and Checking Mobile App Policies

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Open Access permissions: Open

Original language: English
Title of host publication: ESSoS: International Symposium on Engineering Secure Software and Systems
Number of pages: 17
Publication status: Published - 2016
Event: 8th International Symposium of Engineering Secure Software and Systems 2016 - London, United Kingdom
Duration: 6 Apr 2016 to 8 Apr 2016
https://distrinet.cs.kuleuven.be/events/essos/2016/

Conference

Conference: 8th International Symposium of Engineering Secure Software and Systems 2016
Abbreviated title: ESSoS 2016
Country: United Kingdom
City: London
Period: 6/04/16 to 8/04/16

Abstract

It can be difficult to find mobile apps that respect one’s security and privacy. Businesses rely on employees enforcing company mobile device policies correctly. Users must judge apps by the information shown to them by the store. Studies have found that most users do not pay attention to an app’s permissions during installation [19] and most users do not understand how permissions relate to the capabilities of an app [30]. To address these problems and more, we present AppPAL: a machine-readable policy language for Android that describes precisely when apps are acceptable. AppPAL goes beyond existing policy enforcement tools, like Kirin [16], adding delegation relationships to allow a variety of authorities to contribute to a decision. AppPAL also acts as a “glue”, allowing connection to a variety of local constraint checkers (e.g., static analysis tools, package manager checks) to combine their results. As well as introducing AppPAL and some examples, we apply it to explore whether users follow certain intended policies in practice, finding privacy preferences and actual behaviour are not always aligned in the absence of a rigorous enforcement mechanism.

ID: 23370653